Static task: static1
Behavioral task: behavioral1
  Sample: patch2.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: patch2.exe
  Resource: win10v2004-20221111-en
General
Target: patch2.exe
Size: 2.3MB
MD5: db7bce9797181642f524a5fbf6692987
SHA1: 253e7318697e87718a8a68a0c859f5c26963c9c9
SHA256: 5a6c47eb2eaf4150f58d8ec4b1a3007418b7f582aaa5b9ad9e0131acd9bdbfcf
SHA512: 3ad3d1513f380cf7424df147e30656afe47facb864f22a5c8257578cb703bf1109fcb7c57b019b7823a5f1a78350f2228d2bb642739be2a8354c941ae7f576bd
SSDEEP: 49152:D6fX4dq3zjxhWk9JsE9D/d7kTKtZQAxUiPfc4XY6f:D6X4dq3zVNsuvZQKPfpY6
Malware Config
Signatures
Files
patch2.exe.exe  windows x64  ed62d465edb8816f1f7b1b024e97d946
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Note: DYNAMIC_BASE and HIGH_ENTROPY_VA request ASLR, but IMAGE_FILE_RELOCS_STRIPPED is also set and the section list below contains no .reloc section, so the loader has nothing to rebase with and the image will be mapped at its preferred ImageBase. The ASLR flags should therefore not be read as an effective mitigation for this binary; stripped relocations are typical of UPX-packed executables.
Imports
kernel32: WriteProcessMemory, GetCurrentProcess, LocalAlloc, GetCurrentProcess, GetCurrentThread, LocalFree, GetModuleFileNameW, GetProcessAffinityMask, SetProcessAffinityMask, SetThreadAffinityMask, Sleep, ExitProcess, GetLastError, FreeLibrary, LoadLibraryA, GetModuleHandleA, GetProcAddress
user32: FindWindowA, CharUpperBuffW
shlwapi: StrStrIW
vcruntime140: __current_exception_context
api-ms-win-crt-stdio-l1-1-0: __stdio_common_vfprintf
api-ms-win-crt-runtime-l1-1-0: _exit
api-ms-win-crt-math-l1-1-0: __setusermatherr
api-ms-win-crt-locale-l1-1-0: _configthreadlocale
api-ms-win-crt-heap-l1-1-0: _set_new_mode
wtsapi32: WTSSendMessageW
advapi32: RegQueryValueExA, OpenSCManagerW, EnumServicesStatusExW, OpenServiceW, QueryServiceConfigW, CloseServiceHandle
Exports
Sections
Name    Raw size  Virtual size  Characteristics
.text   -         4KB           IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  -         4KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   -         1KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  -         432B          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.upx0   -         2.3MB         IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.upx1   2.3MB     2.3MB         IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   512B      469B          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
A "-" raw size means the section occupies no bytes on disk. The layout is the usual UPX one: .upx1 holds essentially the whole 2.3MB file (the compressed payload and unpacking stub), while .upx0 and the four original sections are empty on disk and are filled in memory when the stub decompresses the payload at run time. The static import table listed above is therefore the stub's, not necessarily the unpacked program's; a fuller import list only appears after unpacking or in a memory dump.
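The following is an added example, not part of the report and not the sample's own code: a dependency-free PE32+ header parser that reproduces the triage above, decoding the file and DLL characteristics and the section table, then applying three checks a reviewer would make on this report: UPX-style section names, an executable section with zero raw size but a large virtual size (filled at run time), and ASLR flags set while relocations are stripped. The image it parses is constructed in `build_sample_image()` to mirror the reported header fields; the section sizes are approximations of the reported values and no bytes of the analysed sample are included.

```python
"""Minimal PE32+ header triage in pure Python (no pefile dependency).

Parses the DOS header, COFF file header, PE32+ optional header and the
section table, then applies packer/mitigation heuristics matching the
checks made on the report above.
"""
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D        # 'MZ'
IMAGE_NT_SIGNATURE = 0x00004550     # 'PE\0\0'
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def decode_flags(value, table):
    """Names of the bits set in value, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse the headers of a PE32+ image; raises ValueError on a non-PE32+ input."""
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                       # IMAGE_FILE_HEADER follows the signature
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                           # IMAGE_OPTIONAL_HEADER64
    if struct.unpack_from("<H", data, opt)[0] != PE32PLUS_MAGIC:
        raise ValueError("only PE32+ images are handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 0x46)[0]   # DllCharacteristics
    sections, table = [], opt + opt_size   # section table follows the optional header
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": va,
            "raw_size": rawsize, "raw_offset": rawptr,
            "flags": decode_flags(flags, SECTION_FLAGS),
        })
    return {
        "machine": machine,
        "file_characteristics": decode_flags(characteristics, FILE_CHARACTERISTICS),
        "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
        "sections": sections,
    }


def triage(info):
    """Heuristic findings: packer layout and mitigation flags that cannot take effect."""
    findings, secs = [], info["sections"]
    if any(s["name"].lower().lstrip(".").startswith("upx") for s in secs):
        findings.append("upx_section_names")
    for s in secs:   # executable region empty on disk but large in memory: filled at run time
        if "IMAGE_SCN_MEM_EXECUTE" in s["flags"] and s["raw_size"] == 0 and s["virtual_size"] >= 0x10000:
            findings.append("runtime_unpack_region:" + s["name"])
    fc, dc = info["file_characteristics"], info["dll_characteristics"]
    if "IMAGE_FILE_RELOCS_STRIPPED" in fc and "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in dc:
        findings.append("aslr_flag_without_relocations")   # cannot be rebased, loads at ImageBase
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in dc:
        findings.append("dep_opt_out")
    return findings


def build_sample_image():
    """Constructed header-only PE32+ image mirroring the reported fields (test data, not the sample)."""
    sections = [  # (name, virtual size, raw size, characteristics); sizes approximate the report
        (b".text", 0x1000, 0, 0x60000020), (b".rdata", 0x1000, 0, 0x40000040),
        (b".data", 0x400, 0, 0xC0000040), (b".pdata", 0x1B0, 0, 0x40000040),
        (b".upx0", 0x24C000, 0, 0x60000060), (b".upx1", 0x24C000, 0x24C000, 0x60000060),
        (b".rsrc", 0x1D5, 0x200, 0x40000040),
    ]
    opt_size = 240
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    file_header = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, len(sections), 0, 0, 0,
                              opt_size, 0x0001 | 0x0002 | 0x0020)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<H", opt, 0x46, 0x0020 | 0x0040 | 0x0100 | 0x8000)
    table, va, raw = b"", 0x1000, 0x400
    for name, vsize, rsize, flags in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, va, rsize, raw if rsize else 0, 0, 0, 0, 0, flags)
        va += (vsize + 0xFFF) & ~0xFFF
        raw += rsize
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_header + bytes(opt) + table


if __name__ == "__main__":
    info = parse_pe(build_sample_image())
    for s in info["sections"]:
        print(f"{s['name']:<7} raw={s['raw_size']:#x} virt={s['virtual_size']:#x} {', '.join(s['flags'])}")
    print(triage(info))
```

Run on a real file by replacing `build_sample_image()` with `open(path, "rb").read()`; the parser deliberately stops at the section table, so it is safe to point at untrusted input without mapping or executing anything. The `runtime_unpack_region` threshold of 64KB is a judgement call chosen so that small empty sections like the report's .text do not trigger it.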